I believe one of my customers' PCs has been compromised (one or multiple machines have a trojan), and spammers have their credentials for my server.

My server has been sending a lot of email -- from addresses / domains that aren't hosted by my server. For example the dashboard shows top senders as -- "xbsjcjaed@yahoo.com". Many emails going out don't even have a 'From'.

So there's a couple of issues here.

1. The Pro Panel doesn't show whose credentials are being used to send emails. Right now -- I don't know whose password to reset / account to disable to prevent the spamming. The Pro Panel just shows who the email is FROM -- even though it's not a valid account on my server.

2. How can I configure the server to reject emails without a 'FROM' address -- and to only allow From addresses from valid domains and users that I host?

Re: Weird Spam Problem

Ok .. got it figured out. Just for everyone else's amusement, and perhaps some beginners in the future.

The postfix setting - 'mynetworks_style' (in main.cf) was misconfigured. My server is behind a NAT. By default postfix sets 'mynetworks_style' to subnet - which says - hey trust everything you're handed to send .. if it's on the same subnet as you.

The problem is, everything my server was being handed was coming from my router ... so the entire internet was effectively 'on the same subnet'. The server trusted everything -- and so was relaying everything.

I changed the setting to host, and purged the mailq .. and now everything is good.
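
The trust decision described in the post above, as an added example that is not part of the original thread and is not Postfix code: a simplified Python model of how `mynetworks_style` turns into a trusted-client list, showing why a NAT router's address is trusted under `subnet` but not under `host`. The addresses, the sample `main.cf` snippets and the function names are constructed for illustration, and the model assumes the router rewrites the source address of inbound connections to its own LAN address.

```python
import ipaddress

# Constructed sample addresses (assumptions, not taken from the post).
SERVER_IFACE = ipaddress.ip_interface("192.168.1.10/24")  # mail server's LAN interface
ROUTER_IP = ipaddress.ip_address("192.168.1.1")           # source address seen after NAT

BEFORE = "# relay trust as described in the post\nmynetworks_style = subnet\n"
AFTER = "mynetworks_style = host\n"


def parse_main_cf(text):
    """Return {parameter: value}, skipping comments and joining continuation lines."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key:  # leading whitespace continues the previous value
            params[key] += " " + raw.strip()
            continue
        key, _, value = raw.partition("=")
        key = key.strip()
        params[key] = value.strip()
    return params


def trusted_networks(params, iface):
    """Simplified model of the client networks Postfix treats as trusted."""
    if params.get("mynetworks"):  # an explicit list makes Postfix ignore mynetworks_style
        entries = params["mynetworks"].replace(",", " ").split()
        return [ipaddress.ip_network(e) for e in entries]  # CIDR entries only
    style = params.get("mynetworks_style", "subnet")  # default as stated in the post
    nets = [ipaddress.ip_network("127.0.0.0/8")]
    if style == "host":
        nets.append(ipaddress.ip_network(f"{iface.ip}/32"))
    elif style == "subnet":
        nets.append(iface.network)
    else:
        raise ValueError(f"style not modelled here: {style}")
    return nets


def relays_for(main_cf_text, client, iface=SERVER_IFACE):
    """True if a connection from `client` is treated as a trusted relay client."""
    nets = trusted_networks(parse_main_cf(main_cf_text), iface)
    return any(client in net for net in nets)


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, "router trusted:", relays_for(cfg, ROUTER_IP))
```

On a live server, `postconf mynetworks mynetworks_style` prints the values Postfix is actually using, which is the quickest way to confirm the trusted list after a change.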